LGPD
Brazil's General Data Protection Law — a comprehensive privacy regulation modeled on GDPR governing personal data processing.
What LGPD means
The LGPD (Lei Geral de Proteção de Dados) is Brazil's comprehensive data protection law, effective since September 2020. Modeled on GDPR, it applies to any organization processing personal data of individuals located in Brazil, regardless of where the organization is based. Key provisions include 10 legal bases for processing (including consent, legitimate interest, and contractual necessity), data subject rights (access, correction, deletion, portability), mandatory data protection officer appointment, breach notification requirements, and international data transfer restrictions. For advertisers targeting Brazil, LGPD affects ad targeting, pixel implementation, data sharing with platforms, and consent requirements. The ANPD (National Data Protection Authority) enforces LGPD with fines up to 2% of revenue (capped at BRL 50 million per violation). Brazil's large digital advertising market makes LGPD compliance essential for international advertisers.
Related terms
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
CCPA
The California Consumer Privacy Act — a US state law giving California residents rights over their personal data, including the right to opt out of data sale.
Consent
A user's explicit or implied permission for data collection, processing, or advertising targeting, required by privacy regulations.
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.